Avis de Confidentialité des Données
FIAFIA Main Privacy Notice
Last updated: July 2023
Summary of how we use your data
- The FIA uses your personal data to allow you to use the features in FIA content, to administer your online and offline relationships with the FIA, to manage the safety and security of our venues and events, to comply with FIA’s legal obligations and to provide you with FIA and partner products, services, courses and other offerings. Some of this personal data will be provided by you, and others will be generated by FIA or provided by third parties.
- Our websites may provide interactive features that engage with social media sites, such as TikTok, Meta and Twitter. If you use these features, these sites will send us personal data about you. We also make use of cookies to analyse the use of our website and to help us to improve our website and services.
- Where we rely on your consent, such as for direct marketing purposes, you can withdraw this consent at any time.
- This privacy notice sets out more details of this processing, including details of your data protection rights, including your right to object to certain processing.
- This privacy notice does not address the FIA’s processing in its role as an international federation for motorsport. For this, you should refer to the FIA’s Motorsport Privacy Notice [https://www.fia.com/motorsport-privacy-notice].
What does this notice cover?
This notice describes how the Fédération Internationale de l’Automobile (the “FIA”, “we”, “us”) will make use of your personal data on the FIA’s website and during any other interaction with the FIA online and offline except where you are an employee of the FIA (where you should refer to the FIA’s employee privacy notice) or where you are engaged with the FIA in relation to your participation in motorsport, where you should refer to the FIA’s Motorsport Privacy Notice [https://www.fia.com/motorsport-privacy-notice]. You may also receive more specific notices where appropriate from time to time.
This notice addresses the processing of personal data relating to:
- your interactions with us via our websites, platforms and portals, correspondence or social media platforms;
- your attendance at our premises;
- your attendance at our Competitions or Championships except as a motorsport participant;
- processing of your information in relation to your membership of a member clubs including where we are involved in the offering of third party offers;
- your engagement with the FIA if you, or your employer, supplies or partners with the FIA;
- our direct marketing to you.
This notice does not address processing of your data through store.fia.com, which is operated by a third party.
This notice also describes your data protection rights, including your right to object to some of the processing which the FIA carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
What categories of personal data do we collect?
We collect and process personal data about you when you interact with us in the ways described above. This includes:
- Identification data: your name, username and password, gender, age/date of birth;
- Contact details: your home address, email address and phone number;
- Payment details: including billing and delivery addresses and credit card details, where you make purchases from us;
- Profile, analytics and usage data: including your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites(s) and services, including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs). To learn more about our use of cookies or similar technology please check our cookies information below;
- Technical data: including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform;
- Application-related information: information related to your application for a role with the FIA, or for a position on an FIA course or event, including relevant information for your application, which may include you curriculum vitae (CV), cover letter, employment history, education history, qualifications and skills, reference contact information, travel preferences, position preferences, willingness to relocate, desired salary, interests and aspirations, background screening information if relevant, immigration status, and information about your entitlement to work. This may include information related to your health, where this is necessary to offer you reasonable adjustments;
- CCTV: we collect CCTV footage for health and safety reasons at our events and our premises and this could include images of you;
- Employment and business information: your position and employer, your work contact details and your interaction with us in your role, including information provided in the course of the contractual or client relationship between you or your organisation and the FIA, or otherwise voluntarily provided by you or your organisation;
- One Road data: your motoring club membership number, and information related to your interaction and purchases with an FIA partner, as part of your engagement with One Road offers;
- Research data: information collected in the course of carrying out market or mobility research, including your responses to surveys, involvement and input in research activities and demographic and other background information you provide or allow us to access, including information relating to your vehicle;
- Communications content: any other information you may provide in your communications with us.
We collect most of this information from you directly. For example, data is collected through communications you send, or your engagement with the FIA. We also generate or collect information about you ourselves. In an online context, much of this is set out in our cookies information below. Where you apply for a role, or a position on a course, data is collected through application forms and documents you submit to us.
Sometimes, we receive information about you from third parties. In particular:
- Social media sites: if you participate in activities on non-FIA sites or apps - such as participating in a Meta or Tik Tok application - you may allow us to have access to personal data held by Meta or Tik Tok, or other site or app owners;
- FIA partners: if you make a purchase from an FIA partner that is taking part in our One Road scheme, we will receive information about your purchases to help us assess the effectiveness of the scheme, and report to your motoring club;
- Event organisers: we sometimes will receive relevant information from event organisers in relation to your attendance at any of our meetings, events or competitions;
- Authorities: we receive information about individuals that the police or other sports stakeholders recommend or require us to ban from our events.
Why we collect, use and store this personal data
We are usually required to have a lawful basis to process your data. We explain each of these legal bases below. We also set out the purposes for which we process your data. For each purpose, we explain the lawful basis for that processing, the processing operations that we carry out and the categories of data that we process.
Legal bases relied on by the FIA for processing described in this notice
Consent – sometimes we ask for your consent to use your data. If we need this to process any special category data, such as your health data, we will seek your explicit consent.
Contract – if we have an agreement in place with you, we may process your data where it is necessary for us to meet our obligations or enforce our rights under the contract.
Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process personal data on the basis of a legitimate interest, then we consider what the impact of the processing will be on affected individuals and to determine whether those individuals’ interests outweigh our interests in the processing taking place.
Legal obligation – we have obligations to comply with legal and regulatory requirements under various applicable laws. In certain cases, we have to use your data to meet these obligations.
Purposes
We process this personal data for the following purposes:
Fulfil a contract with you (contract)
Where you make a purchase from us or agree to take a service, including a ticket for an event, a service or a place on a course, or enter a competition we run, we have to fulfil a contract, or take steps linked to a contract. This means that we collect and use your personal data to:
- verify your identity;
- take payments;
- communicate with you;
- provide customer services and arrange the delivery or other provision of products, prizes or services;
- manage our contractual relationship with you.
To do this we use your identification data, contact details, application-related information, employment and business information and payment details. This information may be shared with certain third parties to help us achieve this purpose. E.g. data and website hosts, ticketing providers, payment providers and courier services.
Managing our business, site and services, engaging with and understanding our fans and stakeholders (legitimate interests, consent for certain cookie related processing and health assistance)
We have an interest in operating our website and events and ensuring our services are being offered in the best way. This means we collect, analyse and use your data to:
- provide products and services you have requested, including FIA University courses, and respond to any comments or complaints you may send us;
- analyse our interactions to better understand our fans and stakeholders;
- monitor use of our websites and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
- record calls made to and from the FIA and use this information for training and monitoring purposes and to provide evidence in relation to any membership disputes or complaints;
- personalise our website, products or services for you;
- carry out market research; and
- investigate any complaints received from you or from others, about our website or our products or services.
Cookies are small files that a website stores on your computer or device and that your browser provides to that same website each time you visit it. FIA uses cookies to improve the browsing experience, manage access to specific content and also to measure and analyse how the FIA’s website is used. Where this processing involves reliance upon cookies which are not strictly necessary to operate our services or limited to appropriate pseudonymous audience measurement, we will seek your consent.
There may be circumstances in which you provide us with your health data, for example where this is necessary to ensure we provide adjustments or accommodations as part of a course you register to attend. We will typically process this on the basis of your explicit consent to the extent required by applicable data protection laws.
This processing involves your identification data, contact details, profile analytics and usage data and technical data, application-related information; employment and business data and communication content.
This information may be shared with certain third parties to help us achieve this purpose including IT and marketing and market research services providers, those providers who assist us in putting on our offline events and competitions and our professional advisors. Where you engage with a social network through our website, or reach our website from a social network, we may share personal data with that social network.
Direct marketing (legitimate interests or, where required, your consent)
We use your data to send you direct marketing about the FIA, our Competitions and Championships and our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners. We will do this on the basis of our legitimate interest in promoting motorsport and the FIA, its partners and products and services, unless we are legally required to seek your consent. To do this we use your identification data, contact details, your profile, analytics and usage data, employment and business data and technical data.
This information is shared with certain third parties to help us achieve this purpose such as IT service providers and marketing service providers. We also share information with our commercial partners where permitted by your consent or otherwise permitted by law.
Managing concerns around security (legitimate interests)
We have an interest in ensuring everyone that accesses our website or attends our premises or events are kept safe and that we maintain security across our offerings. This means we collect, analyse and use your data to:
- monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
- we use CCTV and other security measures to protect the safety of those at our premises or events, to provide evidence in relation to incidents taking place at our premises or events and to prevent and detect unlawful activity;
- use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).
To do this we use your identification details, your technical data, communications content, employment and business information and CCTV footage as appropriate.
This information may be shared with certain third parties to help us achieve this purpose including our relevant third-party service providers such as event organisers and security providers, IT service providers, our professional advisers, relevant regulators, government authorities and/or law enforcement officials.
Verifying information (legitimate interests)
We have an interest in verifying information that you provide us with in order to use our website and attend our events and competitions. To do this we use your identification data, contact information and payment details.
This information may be shared with certain of our third parties, e.g. if you provide a credit or debit card as payment, we use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud.
One Road data (legitimate interests)
The FIA collects and processes One Road personal data of the members of its Member Clubs, to allow analysis and reporting of its cross-Club One Road partner offers. Where you make a purchase through a One Road offer at an FIA partner, details of this purchase are shared with the FIA, which in turn shares this information with your Member Club. This collection and sharing is based on the FIA’s legitimate interest in ensuring Member Clubs have access to more profitable offers, and that individual members have access to higher value offers.
This information is shared with Member Clubs and with Partners, and with the FIA’s third-party IT service providers involved in the development and maintenance of the One Road Platform.
Market research and policy campaigning (legitimate interests)
The FIA’s mobility teams, including the Automobile Mobility and Tourism Regions, process personal data in connection with their research into mobility issues and adoption of policy positions, including in the creation of policy documents, research papers and educational and press materials. To do this, the FIA may collect your identification data, contact details, employment and business information, and research data.
This information will be shared within research and policy publications, or articles we produce or contribute towards, typically in pseudonymous or aggregated form. We may also share this content, and some underlying information, with policy stakeholders, policy makers and journalists on legislative issues, or in communicating the FIA’s views on policy objectives. We may also share information with researchers, who may share their own privacy notices, and with our service providers including IT service providers. We also share information with our professional advisers as required.
Processing your job application (legitimate interests, explicit consent)
We collect and use your personal data so we can process your application. We store, and where needed, update, your personal information to make informed decisions on recruitment and assess your suitability for the role, to communicate with you about your application, to respond to your inquiries and schedule interviews, and to reimburse you for any agreed expenses incurred in the application process. If you need to provide us with details of your health, to offer you reasonable adjustments, we will process this on the basis of your consent to the extent required by applicable data protection laws.
We have an interest in carrying out appropriate checks to verify the information provided by candidates. We verify the details you have supplied and, where applicable, conduct pre-employment background checks.
To do this we use your identification data, contact details and application related information.
This information will be shared with companies that assist us with recruitment and provide IT system or support. We also share information with our professional advisers as required.
Business interests (legitimate interests establishment, exercise and defence of legal claims)
We have an interest in protecting our business interests and legal rights, including, use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes and ethics and compliance reporting requirements. We may also use your information where necessary to protect the security of our premises, assets, systems, and intellectual property and enforce company policies, including protecting ourselves from fraud and verifying the individuals with which we interact as appropriate. Where we process your special category data for these purposes, we will typically rely upon our need to establish, exercise or defend ourselves from legal claims.
To do this, we store, use and may transmit any of the information identified in this notice.
This information will be shared with companies who assist us with relevant processing, including IT service providers. We also share information with legal and other professional advisers as required.
Compliance with law (legal obligation)
Where necessary to comply with a legal obligation we store and use your data. We have a legal obligation to:
- obtain parental consent to provide online services to children under 16. However, most of our websites are not designed for children under 16;
- respond to requests by government or law enforcement authorities conducting an investigation; and
- keep certain records for health and safety purposes and in relation to purchases made;
We may process any of the types of data mentioned in this notice for these purposes.
This information will be shared as required to comply with law, including with law enforcement or public authorities as required.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
Who will we share this data with, where and when?
Your data may be shared with a variety of third parties as described above. Personal data is also shared as necessary within the FIA and within the FIA group, including with our commercial, mobility, legal, privacy and IT departments. Your personal data will be shared with the FIA’s third-party service providers, who will process it on behalf of the FIA for the purposes identified above. This may include the providers of insurance services, IT and technology services, survey providers and event organisers. We also share information with our professional advisers. Some of our suppliers may be separate data controllers, and may provide you with their own privacy notice where appropriate.
We will share information with relevant third parties, such as Mobility Clubs, where this is the required for the purposes set out above. We will also share data with third parties who assist with our meetings, events, courses and competitions as necessary to ensure that your attendance is appropriately managed and we will share appropriate data with third party ticketing providers as necessary to manage our ticketing processes. As part of its One Road co-ordination role, FIA also shares information about Club Members’ use of FIA Partner offers with their Member Clubs.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that FIA’s business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business as required for the purposes above.
For a number of purposes set out above, the data sharing described is likely to result in the sharing of your data with third parties located outside your country; in principle, this may be any country in the world. Where information is transferred outside the EEA, Switzerland or the UK, and where this is to a third party in a country that is not to a country considered adequate under Swiss, EU or UK law, data is usually adequately protected by approved standard contractual clauses, or a vendor's Processor Binding Corporate Rules. In some limited circumstances our transfers may be exempt from adequacy obligations, where transfers are for important reasons of public interest, such as sharing of data for anti-doping purposes. Where we transfer on the basis of an adequacy mechanism, a copy of the relevant mechanism can be provided for your review on request by contacting us using the details set out below.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine-readable format.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in European, Swiss and UK data protection laws and under applicable member state laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, you can contact us – or our Data Protection Officer – using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This may be the CNIL in France. You may also complain to the Federal Data Protection and Information Commissioner in Switzerland.
We will always inform you where information you provide is mandatory. Information that is provided in order to comply with the FIA’s various rules and regulations listed above is mandatory. Failure to provide this information breach our regulations.
Details of the FIA as a controller
The FIA has two primary entities: a French association having its registered office in 8 Place de la Concorde, Paris, and a Swiss association having its registered office in 2 Chemin de Blandonnet, Geneva.
Both entities work together as joint controllers in the processing of personal data relating to the FIA’s main activities. These entities collaborate on the determination of the purposes and means of processing described in this notice. The FIA may, from time to time, identify a specific FIA entity that is responsible for a certain processing activity. Where this takes place, it will make this clear within this notice and any other appropriate location.
The FIA’s Swiss association takes primary responsibility for supporting data subjects, and in handling any requests data subjects may have. You can find the relevant contact details below.
How do I contact you, or your data protection officer?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, you can get in touch with us and our Data Protection Officer at dpo@fia.com or by writing to: Commercial Legal, 2 Chemin de Blandonnet, 1215 Geneva 15, Switzerland.
How long will you retain my data?
FIA will retain and process your personal data for as long as necessary for the purposes identified above, including for the purposes of satisfying any specific legal requirements, such as accounting or health and safety rules, and, where required for us to assert or defend against legal claims, until the end of the relevant limitation period or until the claims in question have been settled.
After this period, we will take steps to delete your personal data or hold it in a form that no longer identifies, you provided that we have no further lawful basis requiring us to maintain your data.
Updates to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.